Vulnerabilities ›

CVE-2026-27963

Medium ⚡ Exploit Available

CWE-79 — Weakness Type

                    Published: Feb 26, 2026                      ·  Modified: Mar 5, 2026                      ·  Source: NVD                

CVSS v3

4.8

🔗 NVD Official

📄 Description (English)

Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification privileges can execute code in victim users' browsers, potentially leading to session hijacking and data exfiltration. Version 2.32.0 contains a patch for the issue.

🤖 AI Executive Summary

Audiobookshelf versions prior to 2.32.0 contain a stored XSS vulnerability in library metadata that allows privileged attackers to execute arbitrary JavaScript in users' browsers. This could lead to session hijacking and unauthorized data access for organizations using vulnerable versions.

📄 Description (Arabic)

تتعلق الثغرة بثغرة XSS مخزنة في بيانات وصفية المكتبة في تطبيق Audiobookshelf الويب. يمكن للمهاجمين الذين لديهم امتيازات تعديل المكتبة تنفيذ رمز JavaScript عشوائي في متصفحات المستخدمين الضحايا. يؤدي هذا إلى مخاطر اختطاف الجلسة وسرقة البيانات الحساسة.

🤖 ملخص تنفيذي (AI)

إصدارات Audiobookshelf السابقة للإصدار 2.32.0 تحتوي على ثغرة XSS مخزنة في بيانات المكتبة تسمح للمهاجمين بامتيازات بتنفيذ JavaScript عشوائي. قد يؤدي هذا إلى اختطاف الجلسات والوصول غير المصرح به للبيانات.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 07:25

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1598 T1566

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Upgrade Audiobookshelf to version 2.32.0 or later immediately. Restrict library modification privileges to trusted administrators only. Implement Content Security Policy (CSP) headers to mitigate XSS impact. Monitor user accounts for suspicious activity and session anomalies.

🔧 خطوات المعالجة (العربية)

قم بترقية Audiobookshelf إلى الإصدار 2.32.0 أو أحدث فوراً. قيد امتيازات تعديل المكتبة للمسؤولين الموثوقين فقط. طبق رؤوس سياسة أمان المحتوى (CSP) للتخفيف من تأثير XSS. راقب حسابات المستخدمين للكشف عن النشاط المريب.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

2.1.1 2.1.2 3.2.1

🔵 SAMA CSF

ID.AM-2 PR.DS-1 PR.DS-2

🟡 ISO 27001:2022

A.14.2.1 A.14.2.5

🔗 References & Sources 2

🔗

https://github.com/advplyr/audiobookshelf/commit/503f4611b221a5bde19024e657021670df204478

security-advisories@github.com

Patch

🔗

https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-69cp-m725-wf78

security-advisories@github.com

Exploit Mitigation Patch Vendor Advisory

📦 Affected Products / CPE 1 entries

audiobookshelf:audiobookshelf

📊 CVSS Score

4.8

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredH — High

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score4.8

CWECWE-79

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-02-26

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

exploit-available patch-available CWE-79

🏢 Vendor Advisories

🔗 https://github.com/advplyr/audiobookshelf/security/a...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-27963

💬 Comments

Introduce Yourself

Sign In Required